Suffolk: 'Rolling restoration' of computers after cyberattack

Suffolk County has begun a "rolling restoration" of its computer operations starting with the 911 emergency dispatch system, but officials offered no timeline for when all systems will be back online.

The county police computer-aided dispatch system went back online last Thursday for the first time since Sept. 8, when officials announced a "cyber intrusion" of county systems, Marykate Guilfoyle, a spokeswoman for County Executive Steve Bellone, told Newsday in an email Tuesday.

Officials subsequently shut down all county computer systems in an effort to protect data, and 911 operators had been hand-writing emergency information and having it hand-delivered to dispatchers elsewhere in the building.

“While we continue the assessment," of the malware attack, Guilfoyle said, "we have begun the rolling restoration of services.”

She continued: “In line with our continuity of operations plan, services will be restored in a prioritized order, beginning with the most essential functions.”

A posting on the "dark web" — an anonymized portion of the internet where criminal activity can occur — attributed the attack to the BlackCat or ALPHV strain of ransomware.

An unidentified group took responsibility for the attack and published several county documents it said it had acquired.

The documents included speeding tickets and court records on which the names of defendants and information about them were visible.

Bellone has said the county will provide free identity theft protection to those whose identities have been exposed.

Tactics the alleged hackers are using are “straight from the playbook” for ransomware attacks, Steve Morgan, founder of Cybersecurity Ventures in Northport, which provides data and research to the information technology industry, told Newsday on Tuesday.

First, Morgan said, attackers will release a small amount of data to identify themselves as the source of the data breach.

If the victim does not cooperate, criminals could release more data to ramp up the pressure.

If they don’t have high quality or damaging data, they might compensate by releasing a large quantity, Morgan said.

“It's a game of chicken," Morgan said. "The county doesn't entirely know what the criminals have. And the criminals don't know if the county will pay a ransom or not.”

Bellone has released few details about the source or scope of the attack, citing a law enforcement investigation.

County officials have not said whether they are negotiating with the attackers, who have posted that they are seeking a “small reward” for finding vulnerabilities in the county's computer systems.

Suffolk County Comptroller John Kennedy told Newsday Tuesday the county has not paid any ransom.

Negotiating with attackers is risky and paying ransom doesn’t usually guarantee protection from future attacks, said Israel Barak, chief information security officer at the Boston-based cybersecurity company Cybereason.

A 2022 survey published by the firm, which says it has 1,500 clients in the public and private sectors worldwide, found 80% of entities that paid ransom were attacked again.

“We often call it, ‘It doesn't pay to pay,’ ” Barak told Newsday.

“Most organizations that indicated that they ended up paying a ransom to try to recover faster from a situation like this ended up getting hit a second time,” Barak said.

Also Tuesday, Mike Martino, a spokesman for the Suffolk County Legislature, said legislative committee meetings scheduled for the week of Oct. 3 are expected to proceed, but without teleconference capabilities.

Also, the Oct. 1 deadline for outside contracting agencies to submit annual financial reports to the county will be extended until Oct. 17, Kennedy said.

By Vera Chinese

vera.chinese@newsday.com@VeraChinese

Vera Chinese covers Suffolk County government and politics. She joined Newsday in 2017 after working as an editor for the East End lifestyle publication northforker and a general assignment reporter for the New York Daily News.